CVE-2025-56082 is a remote OS Command Injection vulnerability identified in the Ruijie RG-BCR RG-BCR600W device, specifically within the LuCI controller script located at /usr/lib/lua/luci/controller/admin/common.lua. The vulnerability arises from improper input validation in the check_changes function, which processes POST requests. An attacker can exploit this flaw by crafting a malicious POST request that injects arbitrary system commands, which the device executes with the privileges of the web server process. This can lead to full system compromise, including unauthorized access, data exfiltration, or disruption of network services. The vulnerability does not currently have a CVSS score or known exploits in the wild, but its nature suggests a critical risk. The affected device is typically used in enterprise and service provider environments for network access control and management, making it a high-value target. The lack of authentication requirements or the possibility of bypassing authentication (not explicitly stated but common in such injection flaws) would increase the attack surface. The vulnerability was reserved in August 2025 and published in December 2025, indicating recent discovery and disclosure. No patches or mitigation links are currently available, emphasizing the need for immediate defensive measures.

For European organizations, exploitation of this vulnerability could lead to severe consequences including unauthorized control over network access devices, enabling attackers to manipulate network traffic, intercept sensitive data, or disrupt critical services. Enterprises relying on Ruijie RG-BCR600W for network access control or authentication could face operational downtime, data breaches, and compliance violations under GDPR. Critical infrastructure sectors such as telecommunications, energy, and government networks using these devices are at heightened risk. The ability to execute arbitrary commands remotely without known authentication requirements increases the likelihood of successful attacks, potentially allowing lateral movement within networks. This could undermine trust in network security, cause financial losses, and damage organizational reputation. The absence of known exploits suggests a window for proactive defense, but also a risk of imminent exploitation once details become public or tools are developed.

1. Immediately restrict access to the management interface of Ruijie RG-BCR600W devices to trusted internal networks using firewall rules and network segmentation. 2. Implement strict access control lists (ACLs) and VPN requirements for remote management to prevent unauthorized external access. 3. Monitor network traffic for unusual POST requests targeting the /usr/lib/lua/luci/controller/admin/common.lua endpoint, especially those containing suspicious payloads. 4. Employ Web Application Firewall (WAF) rules to detect and block command injection patterns in HTTP requests. 5. Coordinate with Ruijie Networks for official patches or firmware updates addressing CVE-2025-56082 and apply them promptly once available. 6. Conduct regular security audits and penetration tests focusing on network access control devices to identify similar vulnerabilities. 7. Educate network administrators on the risks of command injection and the importance of secure device configuration. 8. Consider temporary device replacement or isolation if patching is delayed and the device is exposed to untrusted networks.